Debug School

rakesh kumar

How to enable strong password policies on your Linux server

To enable strong password policies on your Linux server, you can follow these steps:

1. Install the necessary tools: password quality checking is done by the pam_pwquality PAM module. On Debian and Ubuntu it ships in the "libpam-pwquality" package (on RHEL-family systems the library is "libpwquality" and the module is normally already enabled through authselect).

sudo apt-get install libpam-pwquality

2. Configure password policy settings: on Debian and Ubuntu, installing the package adds a pam_pwquality line to "/etc/pam.d/common-password". That file is generated by pam-auth-update, so hand edits can be overwritten by a later package update; the durable place for the same options is "/etc/security/pwquality.conf" (one "key = value" per line). Either way, the effective line in common-password should read:

password requisite pam_pwquality.so retry=3 minlen=12 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1 enforce_for_root

This will enforce the following password policy:

  1. Password length must be at least 12 characters (minlen=12; because every credit value below is negative, no length credit is granted for character variety, so 12 is a hard floor)
  2. Password must contain at least one uppercase letter, two lowercase letters, one digit, and one special character (a negative ucredit, lcredit, dcredit or ocredit value is the minimum count for that character class)
  3. Password cannot be based on a dictionary word (the cracklib dictionary check, dictcheck=1, is on by default)
  4. Password cannot contain the user's username, forwards or reversed (usercheck=1, also on by default)
  5. Root is also subject to these requirements (enforce_for_root); without that option a failed check only prints a message and root can still set the weak password.

3. Test the password policy: Create a new user account and try to set a weak password with passwd. The system should reject weak passwords and only allow strong passwords that meet the policy requirements. The pwscore tool from the libpwquality-tools package reads a candidate password on standard input and reports the failing rule from /etc/security/pwquality.conf without touching any account, which is a quicker way to check the configuration when the options are set there.

4. Regularly update passwords: Make sure users are regularly updating their passwords to maintain strong security. You can set a password expiration policy to enforce this. chage changes one existing account at a time; the default for accounts created later is set in "/etc/login.defs", covered below.

sudo chage -M 90 username

This command will set the maximum password age for a user to 90 days. Verify the result with "chage -l username", which prints the aging fields stored for that account in /etc/shadow.

By implementing these steps, you can ensure that your Linux server has strong password policies in place to protect against unauthorized access.

The aging defaults that useradd applies to newly created accounts live in "/etc/login.defs". To set a password expiration policy there, follow these steps:

Open the "/etc/login.defs" file in a text editor with root privileges:

sudo nano /etc/login.defs

Search for the following lines:

PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7

These lines control the password expiration policy for accounts created from now on; existing accounts keep the values already recorded in /etc/shadow, so adjust those with chage. The shipped default of 99999 days means passwords effectively never expire. For example, to require a change every 90 days with a warning period of 7 days, change PASS_MAX_DAYS to 90 and leave PASS_WARN_AGE at 7. Raising PASS_MIN_DAYS from 0 to 1 is also worth doing, since otherwise a user can satisfy the expiry by changing the password and immediately changing it back. Bear in mind that current guidance (NIST SP 800-63B) advises against forcing periodic changes on their own and favours length, screening against breached-password lists and a forced change when compromise is suspected, so treat expiration as one control rather than the main one.

[Image: /etc/login.defs after editing, with PASS_MAX_DAYS set to 90 and PASS_WARN_AGE at 7]
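As an added example (not the article's own code), the script below makes the login.defs edit scriptable and idempotent and generates the chage commands for accounts that already exist, which the login.defs change alone does not touch. It runs on a constructed scratch copy of the shipped defaults and a constructed passwd file; the values are the ones discussed above, with PASS_MIN_DAYS set to 1 as an added recommendation. Point the functions at /etc/login.defs and /etc/passwd, as root, for real use.

```shell
#!/bin/sh
# Added example (not from the article): idempotent login.defs editing plus
# chage command generation for existing accounts. File paths and passwd
# contents used in the demo are constructed.
MAX_DAYS=90   # PASS_MAX_DAYS: force a change after 90 days
MIN_DAYS=1    # PASS_MIN_DAYS: block an immediate change back to the old password
WARN_AGE=7    # PASS_WARN_AGE: warn during the last 7 days

# set_login_def KEY VALUE FILE: replace the active "KEY value" line or append
# one. Commented-out lines are left alone so the file's documentation survives.
set_login_def() {
  key=$1; val=$2; f=$3
  if grep -Eq "^[[:space:]]*$key[[:space:]]" "$f"; then
    sed -E "s/^[[:space:]]*$key[[:space:]].*/$key $val/" "$f" > "$f.tmp" \
      && cat "$f.tmp" > "$f" && rm -f "$f.tmp"   # cat > keeps mode and owner
  else
    printf '%s %s\n' "$key" "$val" >> "$f"
  fi
}

# get_login_def KEY FILE: print the effective value (last active line wins).
get_login_def() {
  awk -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"
}

# harden_login_defs FILE: apply the three aging defaults.
harden_login_defs() {
  set_login_def PASS_MAX_DAYS "$MAX_DAYS" "$1"
  set_login_def PASS_MIN_DAYS "$MIN_DAYS" "$1"
  set_login_def PASS_WARN_AGE "$WARN_AGE" "$1"
}

# aging_commands PASSWD_FILE: login.defs only affects accounts created after
# the edit, so print one chage command per existing interactive account
# (UID 1000 to 65533 with a real login shell) for review; pipe the output
# into "sudo sh" to apply it.
aging_commands() {
  while IFS=: read -r name pw uid gid gecos home shell; do
    case "$uid" in ''|*[!0-9]*) continue ;; esac
    [ "$uid" -ge 1000 ] && [ "$uid" -lt 65534 ] || continue
    case "$shell" in */nologin|*/false|'') continue ;; esac
    printf 'chage -M %s -m %s -W %s %s\n' "$MAX_DAYS" "$MIN_DAYS" "$WARN_AGE" "$name"
  done < "$1"
}

# Stand-alone demo on scratch copies (constructed content, not the real files).
demo() {
  defs=$(mktemp); pwd_file=$(mktemp)
  printf '%s\n' '# constructed sample of /etc/login.defs' \
    'PASS_MAX_DAYS   99999' 'PASS_MIN_DAYS   0' 'PASS_WARN_AGE   7' > "$defs"
  harden_login_defs "$defs"
  echo "--- hardened login.defs sample:"; cat "$defs"
  printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'svc:x:1001:1001::/var/lib/svc:/usr/sbin/nologin' \
    'nobody:x:65534:65534::/nonexistent:/usr/sbin/nologin' > "$pwd_file"
  echo "--- chage commands for existing accounts:"; aging_commands "$pwd_file"
  rm -f "$defs" "$pwd_file"
}
demo
```

Review the generated chage lines before running them: service accounts with an interactive shell will be listed too, and forcing expiry on an account that runs unattended jobs is a common way to cause an outage.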
